In November of 2010 the team at The Hacker News finally achieved our ultimate goal of
launching an online magazine addressing the tricky and complicated world of hackers and
hacking. In our first year The Hacker News made our fair share of mistakes, typical of
first-time publishers, but our successes have been innumerable and The Hacker News has
reached many of its goals in this often hectic and exciting first year. The Hacker News was
fortunate enough to have assembled a dedicated and professional team that intrinsically
understood that it is not enough to hope to succeed; you have to plan to succeed. And I am
grateful to each and every one of these talented people that understood this concept and
helped implement it daily to help ensure our success.

As the mainstream media often denigrates computer hackers as nothing more than digital 
pranksters, we at The Hacker News believe that many of these collective hacker groups have 
the power to change the world for good. In its first year The Hacker News wanted to have a 
front row seat so we could bring to you, our readers, the world of hackers and web revolu- 
tionaries and to be able to give our readers a much clearer idea who these individuals are, 
and to dig more deeply into this growing subculture. 

As we enter our second year The Hacker News team would like to say "Thank You" to our
readers for your continued loyalty and positive input. Because of you, our team remains
excited and energized to continue bringing our readers the most up-to-date information on
hacking and hackers. We at The Hacker News understand the importance of reporting on
hacking groups that focus on the ethical wrongs in society such as unregulated corporate
power, secretive government, and invasion of privacy. We agree ~ "The Revolution will not
be Firewalled"

"Truth is the Most Powerful Weapon Against Injustice." 



Celebrating Anniversary 

The Hacker News 




It has been a wonderful "HACK" filled year as we disseminated security 
and hacking information around the world. We are grateful for our 
loyal readership and welcome new readers and contributors. 



Let's face it. Hacking isn't going away and growing security concerns 
are an issue we all need to stay on top of. Being informed about the 
latest and newest in security measures and the work of hackers to 
break into these means is a global issue with tremendous consequenc- 
es. 



Hacking and security violations affect us all. Not only big corporations 
which store your information but the health and welfare of your per- 
sonal PC's. 



The Hacker News has tracked the events of the last year and we are 
amazed at the talent and finesse of techy people who can break into the 
most complicated and sophisticated systems. You can depend on us 
for breaking news in the area of computer security. Keep reading and 
keep checking our daily web news. 

In case you did not know, The Hacker News (THN), first estab- 
lished in 2010, has become a leading resource in providing informa- 
tion and resources to security experts and hackers worldwide. Initially 
begun as a Cyber-Awareness Program, The Hacker News has evolved 
to work closely with and within the cyber security communities in an 
effort to make the internet more secure. We have worked with various
organizations to manage their security risks and secure their
infrastructure by analyzing, designing and implementing the best
cost-effective security processes.

In addition to providing up-to-date news and resources, The Hacker 
News now provides Ethical Hacking Training, Workshops, Seminars, 
Security Testing Services and Security Certifications at our on-ground 
institution in India. This customized and rigorous program offers com- 
prehensive practical and advanced training which can open up a broad 
spectrum of career opportunities in the international IT security 
market. 

THN is dedicated to making your learning a valuable experience by en- 
hancing the depth of your knowledge through real-time, hands-on 
work experience. Guided by a team of professionals and faculty, you 
will be faced with real IT-related problems and scenarios. These valu- 
able skills will help pave the way for your success in the field of infor- 
mation security. 

We believe that knowledge grows when shared. We want to share it all 
with you. 

Thanks for a GREAT year! Here's to our next 



Mohit Kumar 




How and why has the Occupy Wall Street movement developed and so 
rapidly broadened to now include thousands of cities and peoples through 
the world? 

Why are the people of the world now coalescing in ways that seemed
unimaginable just a few short years ago? Inspired by the uprisings across the
Arab world, downtrodden people worldwide are identifying with the
Occupy Wall Street movement and are breaking free of their feelings of
powerlessness and confronting the financial institutions with demands that
reflect legitimate, long-standing grievances of basic unfairness and
injustices.

The Occupy Wall Street movement is definitely a people-power-driven 
movement that has swiftly spread to well over 100 cities in the United 
States and now has active actions in over 1,500 cities worldwide, and 
growing. 



Social media tools may also help explain the demonstrations' rapid prolif- 
eration as activists from around the globe are organizing themselves 
through the Internet and social networks such as Facebook and Twitter in 
a joint endeavor to protest the crippling global economic crisis and hold 
politicians and bankers responsible. Not to mention our beloved Anony- 
mous. We believe Anonymous has heard the message that they are one of 
the strongest warriors in this global battle of freedom for people and have 
helped take up arms via technology against the corruption and mayhem of 
governments worldwide. They have been able to move people from their
computers to the streets where we believe a strong presence needs to be to 
"show" global leaders we are not stupid and ignorant followers but highly 
intelligent individuals who are sick and tired of being duped by money, 
greed, and corporate sultans. 

It is now plainly evident that these globalized financial institutions are
responsible for creating the terrible economic hardship and struggles
worldwide. Ordinary people around the world are dealing with the detrimental
effects of the globalized financial system. They are starting to see clearly
how the obscenely wealthy financial oligarchs have gained immense
power over the political economy and how they manipulate it to serve
only the big moneyed interests. The multitudes are awakening to the sad
fact that their elected officials are nothing more than bought and sold
political lackeys that do the bidding of their wealthy masters. The people are
now facing the fact that their political leaders have robbed them and now
want to impose fiscal austerity measures on them while rescuing the
banks without holding the banks responsible in any way for all the
suffering and hardship they caused.

With a few simple facts it is easy to understand why the Occupy Wall 
Street protesters are angry and why the movement has spread rapidly and 
worldwide. 

Inequality in the United States and other countries has hit a level of imbal- 
ance that has been seen only once in US and global history. In addition, 
unemployment has reached levels that have been seen only once since the 
Great Depression. 




Close to four years after the financial crisis, the unemployment rate is still 
at the highest level since the Great Depression and jobs are difficult to 
secure and continue to be limited. Corporate profits as a percent of the 
economy are at a record all-time high, and unbelievably, CEO pay has 
soared 300% since 1990 and corporate profits have doubled. While CEOs 
and shareholders have been cashing in, wages as a percent of the economy 
have dropped to an all-time low. The top 1% of American wage earners
continues to haul in a larger percentage of the country's total pre-tax
income than at any other time since the late 1920s. After adjusting for
inflation, average hourly earnings haven't increased in 50 years and the
minimum wage has dropped. In fact, income inequality has gotten so
extreme in the US that it now ranks 93rd in the world in "income equality."

And then there is the glaring inequity of taxes; it's a fabulous time to make 
a ton of money in America, because taxes on the nation's highest-earners 
are close to the lowest they've ever been in history while the rest of the 
country struggles with its 9% unemployment rate. 

If America and other world governments cannot figure out or will not find
a way to address the grievances of the Occupy Wall Street protestors then
it is more than likely that their countries will become increasingly
"de-stabilized." In history the balance between "labor" and "capital" has rarely, if
ever, found itself at the point where "capital" is so clearly in complete
control. If nothing changes this imbalance then the current protests will
likely be only the beginning, and deterioration and continued
de-stabilization can only be the predicted outcome.
rful variant in the form of Duqu. It is believed that a Hungarian bL
er was the first to have a tryst with the virus in early September at
osting service.
Why it is important: Duqu has gained a lot of attention because
striking similarities with its famous predecessor, Stuxnet. Several Security
researchers have concluded that 99 percent of Duqu software nil
are same as Stuxnet including source code and keys for encryption.
There is reasonable evidence by that the damage caused by Stuxnet was
real. Hence, Duqu is of concern to every security professional at the
moment.
b traffic to avoid suspicion from network administrators. This information
is then sent over to a remote command and control server (CC
server) using HTTP request. The server responds with a blank J
image, in response to which, Duqu sends back an image appended
encrypted stolen information. The IP address of the CC server used for
these initial operations was 206.183.111.97 an
The CC server has been deactivated since th



various details of system which is then encrypted and appended to
image file. The data may simply be configuration and design data from
the systems, presumably to allow someone get competitive advantage.
The Trojan has been configured to run on the host machine for 36 days,
after which the threat vector will automatically destroy itself from the
system. However, additional components sent from the CC server
Complexity: There is nothing novel about the attack vector and it can
be safely assumed that the creator at least had access to Stuxnet code.
Once a certain piece is in circulation, others build upon it. And this may
be the case with Duqu. Duqu, like Stuxnet, uses a stolen digital
certificate from a Taiwanese company to prove its authenticity. Also, Duqu
couldn't have been around for too long since the driver sign date has
been recorded to be July 2011. There is also a likelihood of the same
team being employed to create the Stuxnet variant. Like the Stuxnet,
Duqu too is a State sponsored attack, since no other party would engage
in an activity that requires ample technical caliber but brings no
obvious monetary benefit.
tive and origin of Duqu. One of the interesting ones is
reversemode on twitter. According to him, one of the galaxy pictures
comes from 66.49.141.227, which suggests a Hebrew connection with
Duqu. In the past week, a few more variants have been discovered



Analysis: Duqu gives the impression of something much bigger coming
up than what meets the eye. It is also interesting to note that the techniques
used to deploy these attacks are not state of the art. The depth
information that can be extracted using Duqu is no different from what
Stuxnet could do. Neither is it any more sophisticated from what
have seen with Aurora. They were intriguing because of the coming together
of a possibly destructive operation of their stature. But it's
the same with Duqu. Apart from the complexities it shares with
predecessor, Duqu creators have also used age-old techniques - b
password policy, use of USB drive outside of work and the likes to
spread the virus. So what is it about this trojan-virus that is catchi
About Author: Nidhi Rastogi is a Cyber security professional based in
New York. She has over 7 years of experience in a variety of roles including
wireless security, mobile devices, and application development
at companies like Verizon Wireless, GE Energy, and LTI. Nidhi is
a graduate of University of Cincinnati and can be contacted
hi.gupta@gmail.com



A doomsday worm : The Sputnik of 2011 




This is a theoretical primer to bring out a discussion about whether an
Internet doomsday worm can be created that is so intractable that it cannot
be eradicated. This worm could also have the ability to carry multiple
weaponized payloads.

Can a doomsday worm shut down the Internet? I don't think anyone 
could shut down the Internet but I believe a worm can definitely create 
access problems. An intractable type of malware agent is not an abstract 
concept or science fiction. 

A doomsday-like virus has been plaguing the U.S. drone fleet. They keep
trying to disinfect their hard drives but it keeps coming back. The
Pentagon has been plagued by the worm agent.btz; they are still trying to
remove it after 3 years. Some analysts think agent.btz was created by
China. The drones' highly secure PCs and networks are not connected to
the internet. The infection was introduced by mobile media like zip
drives and CDs.



Let's put together the best aspects of worms and biological infectious 
agents. 

The AIDS virus has confounded medical science for a number of years. It
seems to be one of the most successful viruses in modern history. From 
the article "Why Diseases Such As AIDS Are So Successful and So 
Deadly:" "Cell-to-cell transmission is a thousand times more efficient, 
which is why diseases such as AIDS are so successful and so deadly," 
writes Mothes. "And because the retroviruses are already in cells, they 
are out of reach of the immune system." 

The statement, "Cell-to-cell transmission is a thousand times more effi- 
cient" is the best analogy to social networking sites that have the greatest 
transmission throughput. 

As for the second line, "They are out of the reach of the immune system":
if you take a corporation with 1,000 nodes that are infected, it's
easy for data security to push down a solution and remove the worm. The
PCs that are actually outside the immune system are almost always home
PCs, iPods, Android phones, and small network PC groups.

What else can we learn about a biological model? If you walked into the
middle of a crowded room and asked if anyone knew Mary Mallon or
Gaetan Dugas, you'd probably get a lot of blank stares. Gaetan Dugas was
the AIDS patient zero, and Mary Mallon was the infamous Typhoid
Mary. They share some similarities that helped them to infect a lot of
people. They appeared healthy and did not have any outward signs of any
health issues.

The gestation period for AIDS was more than 10 years and Dugas
infected a lot of men during that time. Mary Mallon was a cook. She handled
food and utensils, and at one time, she worked in a hospital. Mary
was a carrier of typhoid but did not get sick. Some of these ideas could
build a good model for a worm.



With the above and what I know of malware, let's build a 
model: 

1) It would have to operate in the noise level of the Internet. 

2) It would have to behave as a WebCrawler or spider to stay off of the 
radar of malware companies. 

3) It would have to infect its hosts with minimal discomfort; that is,
minimally slow them down or make it appear as if it was not a type of
malware that somebody would want to take the effort to remove.

4) It would have to infect very slowly. 

5) It would have to be self-aware— it would have to recognize itself trying 
to re-infect a host. 

6) A model would have to be built for it to judge how its growth rate
would have to be modulated.

7) AIDS had a gestation of up to 10 years. A gestation time on the Inter- 
net of only one year would be an incredibly long time. 

8) The worm would have to be modular enough to take different pay- 
loads. 

9) It would have to try to just infect home PCs. Home PCs have been
deluged with strange malware and bogus antivirus pop-up ads. Recently,
Microsoft tried to issue a malware solution. This antimalware flagged
Google Chrome as a Trojan, and actually removed Google Chrome from a
number of PCs.

10) It may also contain code to write to places on hard drives that are 
normally inaccessible to antimalware programs. 

11) It would have to self-morph; it would have to evolve.

12) Be able to present different signatures to antimalware. 

13) It would have to be able to target specific IP addresses. 

14) It would have to reach a certain critical mass before revealing itself.



What kind of weapon would this doomsday worm be? 

Depending on payload, it can have multiple objectives. For example, it
can be a psychological, financial or political weapon. Today people are
addicted to the internet for Facebook and other social sites. People
denied their daily internet fix would be more anxious and depressed. As
a political tool it can slow down the internet right before an election. The
incumbent party will receive most of the blame. Today many people use
the internet for their financial transactions: selling stock, transferring
money, etc. Any disruption on the information superhighway, such as slowing
down the internet during financial market volatility, can have a very
negative effect.

A country that gets the first doomsday worm on the internet has won the
equivalent of a space race. Having a doomsday worm can be the equivalent
of the 1957 Sputnik launch.

I got the idea for a doomsday worm from a Chinese hacker website. I 
don't speak Chinese, so I had to use Google Translate, and as they say 
sometimes things get lost in the translation. 

About Author: Paul started his career working on IBM 360 and the
PDP 11. He was an early advocate of using Hacking Software to check
corporate data systems and has presented talks at the COMPUTER
SECURITY INSTITUTE. Paul's articles have appeared in the Info Security
magazine.

In 1995, Paul developed a defense against WAR DIALERS. His process
was published in Info Security Magazine. A dialer is a program that dials
a series of phone numbers and logs numbers that are connected to a
modem.

He is currently a computer security analyst and futurist. 



Demystifying the Android Malware 

McAfee's first quarter threat report stated that with 6 million unique
samples of recorded malware, Q1 2011 was the most active first quarter in
malware history. McAfee stated that Android devices are becoming malware
havens with Android being the second-most popular environment for mobile
malware after Symbian in the first quarter.

In this article, we are going to take you through the various phases so as
to understand how and what these malwares are exactly made up of. First of
all, we will start with discussing the background of Android and then move
on to the basics of how an Android package architecture is developed. We
shall then analyze an Android malware in complete detail.



Introduction to the Android platform 

Android is a mobile-based operating system based on the Linux kernel. 
Android application developers write primarily in the Java language, 
controlling the device via Google-developed Java libraries. 



The Android compiler suite compiles the developer's Java files into class
files, and then the class files are converted into dex files. Dex files are
bytecode for the Dalvik VM, which is a non-standard JVM that runs
Android applications. The XML files are converted into a binary format
that is optimized to create small files. The dex files, binary XML files,
and other resources, which are required to run an application, are
packaged into an Android package file. These files have the .apk extension,
but they are just ZIP files. Once the APK package is generated, it is
signed with a developer's key and uploaded onto the Android market via
Google's website from where the user can download these APK files and
install them on the Android device.



There are currently more than 2 million downloadable applications in 
the central repository of Android applications run by Google and an- 
droid applications can also be downloaded from other third-party sites. 

Requirements 

- Tool to unpack the .apk file : Winzip 

- Tool to convert the .dex to a .jar file : dex2jar 

- GUI tool for Java decompilation : JD-GUI 

- Sample Android malware for analysis 

Detailed Steps 

Step I: 

To start the malware analysis procedure, first download a sample Android
malware. In this case, we will download iCalendar.apk, which was
one of the 11 suspicious applications removed from the Android market
because it was found to contain malware as per Gadget Media.

A scan of the application on VirusTotal revealed a detection rate of 
46.5% as shown in the figure below. 



Step II:

Extract the iCalendar.apk file using Winzip to view the contents of the 
.apk file. 
Here we see the .dex and the .xml files which we discussed in the earlier
part of the article.

Step III: 



The next step will be to get a better view of the code using the 'dex2jar'
tool. What the dex2jar toolkit does is convert the Dalvik executable
.dex files into Java .class files.

We just drop the 'classes.dex' file from our application into
dex2jar's directory and perform the conversion using the command:

    dex2jar.bat classes.dex
This creates the 'classes.dex.dex2jar.jar' file in the same directory.

Step IV: To see the readable format of the class files, we make use of
JD-GUI. Open the 'classes.dex.dex2jar.jar' file using JD-GUI.

This gives you a systematic view of the complete source code of the
Android application.



Step V: With the complete source of the application in front of you, you
can perform the actual analysis of the source and see if something is
amiss. We notice a class file named 'SmsReceiver.class', which seems
odd because this is a Calendar application and there should not be any
need for an SmsReceiver.



On further inspection of the source code of 'SmsReceiver.class', we find
that it contains three numbers, 1066185829, 1066133 and
106601412004, which look rather suspicious: it appears there is an attempt to
block any messages from these numbers coming to the Android mobile
device that has this application installed and running.







After Googling these numbers, we found out that they are high
premium-rate SMS numbers which belong to China Mobile.




We will try and understand why the application tries to suppress
delivery reports from these numbers in later steps.



The first and most suspicious thing we notice is in the showImg() function.
Once there are 5 clicks there is a call to a function sendSms().
Step VI: Once done with 'SmsReceiver.class' we move on to the
analysis of the code of the next class file, i.e. 'iCalendar.class'.
So we run through the file and check for the 'sendSms()' function to see
what it does. Voila!! As shown in the figure above, we see that when the
function sendSms() is called, an SMS is sent to the number
1066185829 with the text 921X1.

Step VII: At the end of sendSms() function there is a call to save() func- 
tion. So we look for the save() function in the code and find it to be just 
above the sendSms() function. 

On proper analysis and understanding of the save() function, we find
that the string "Y" is passed whenever the save() function is called. It
is also concluded that the sendSms() function can be called only once
and never again due to the "if" condition set for the sendSms() function.




Step VIII: Putting together all the findings we made during the
analysis, we can get a clear picture of the whole working of the malware.



The application sends an SMS to the premium number 1066185829 with
the text 921X1 and in the background blocks any incoming delivery
reports from the number so that the victim does not get any response
regarding the SMS that the application sends in the background. Also, the
SMS is sent only once and never again so that the victim has no
suspicion about what caused the SMS charges to him.
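
The manual triage in Steps II to VIII can be scripted. The following Python is an added example, not code from the article or from the iCalendar sample: it opens the APK as a ZIP (as described earlier), pulls printable strings out of classes.dex, and flags the combination found above, SMS-sending calls next to hard-coded all-digit numbers. The API and permission names are standard Android identifiers assumed to be what such an app references; the package names and the two in-memory sample APKs are constructed for illustration.

```python
import io
import re
import zipfile

# Standard Android identifiers (assumed, not read from the real sample) that an
# app sending SMS and hiding the replies would typically reference.
SMS_API_NAMES = ("Landroid/telephony/SmsManager;", "sendTextMessage", "abortBroadcast")
SMS_PERMISSIONS = ("android.permission.SEND_SMS", "android.permission.RECEIVE_SMS")
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def printable_strings(data):
    """Return runs of printable ASCII, like the Unix `strings` tool."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]


def triage_apk(apk_bytes):
    """Statically triage an APK (a ZIP archive) for silent-SMS indicators."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        dex = apk.read("classes.dex") if "classes.dex" in names else b""
        manifest = apk.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""

    strings = printable_strings(dex)
    api_hits = sorted(n for n in SMS_API_NAMES if any(n in s for s in strings))
    # All-digit string constants are candidate hard-coded destination numbers.
    numbers = sorted({s for s in strings if re.fullmatch(r"\d{5,15}", s)})
    # The binary manifest stores its strings as UTF-16LE or UTF-8; check both.
    perms = sorted(p for p in SMS_PERMISSIONS
                   if p.encode("utf-16-le") in manifest or p.encode("utf-8") in manifest)
    sends = "sendTextMessage" in api_hits
    return {
        "entries": names,
        "sms_api_hits": api_hits,
        "numeric_strings": numbers,
        "sms_permissions": perms,
        "suspicious": sends and bool(numbers),          # sends SMS to a baked-in number
        "hides_replies": sends and "abortBroadcast" in api_hits,
    }


def _dex_string(text):
    # DEX string data: ULEB128 length, bytes, NUL (lengths < 128 fit in one byte).
    return bytes([len(text)]) + text.encode("ascii") + b"\x00"


def build_sample(dex_strings, manifest_strings):
    """Build a constructed, non-functional APK-shaped ZIP for demonstration."""
    dex = b"dex\n035\x00" + b"".join(_dex_string(s) for s in dex_strings)
    manifest = b"\x03\x00\x08\x00" + b"".join(
        s.encode("utf-16-le") + b"\x00\x00" for s in manifest_strings)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", dex)
    return buf.getvalue()


# Constructed samples. The numbers and the 921X1 text are the ones quoted in the
# article; the com/example package names are hypothetical.
SUSPECT_APK = build_sample(
    ["Lcom/example/iCalendar;", "Lcom/example/SmsReceiver;",
     "Landroid/telephony/SmsManager;", "sendTextMessage", "abortBroadcast",
     "1066185829", "1066133", "106601412004", "921X1"],
    ["android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"],
)
BENIGN_APK = build_sample(["Lcom/example/Calendar;", "onCreate", "showImg"], [])

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT_APK), ("benign", BENIGN_APK)):
        print(label, triage_apk(apk))
```

On a real APK, pass the file's bytes to triage_apk(); a hit is a reason to decompile and read the code as in Steps III to VII, not a verdict by itself.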



- Victim downloads the malicious iCalendar.apk from Android Market.

- Victim launches the application on his Android device.

- Victim clicks on the application for the 5th time.

- Sends SMS to 1066185829 with the text 921X1 to subscribe for unknown service.

- "Y" is set and saved.




Conclusions: 

A piece of malware with root access to a phone can not only read any
data stored on it but can also transmit data anywhere. This includes
contact information, documents, and even stored account passwords. With
root access it's possible to install other components that aren't visible
from the phone's user interface and can't be easily removed. The ways to
safeguard against Android malware are:

- Download Applications only from Trusted Sources 

- Check out the ratings and reviews before downloading an application 

- Look at the application's permissions very closely 

- Install Android OS Updates as soon as they're available 

- Install a Mobile Security Application 

This article shows an example of how malwares may affect innocent
users. Without the users actually knowing about it, they are capable of
performing malicious actions in the background. These malwares may
cause you financial losses by debiting your call balances, or may target
you by stealing your passwords or may just corrupt your phone. It is very
important to safeguard against these by taking precautions. It is always
better to be safe than to be sorry!

About Author: Dinesh Shetty is currently working as an Information
Security Consultant with Paladion Networks. Dinesh is a Computer
engineer from Ramrao Adik Institute of Technology and also an EC-Council
Certified Ethical Hacker.



Email : dinesh.shetty@live.com 



The Great Browser War of 2011 



The great browser war is back with a vengeance. This year has been quite
similar to previous ones with lots of updated versions rolling out. We
will start off with some statistics to show you the overall usage of
browsers. Then we will do an analysis on some of the criteria which make a
browser popular. The criteria are speed, security and stability.




Let's begin with the popular and worldwide usage front. We will again 
divide it into two scenarios. The Big screen scenario will focus on brows- 
er popularity on PC's and laptops. The small screen scenario will cover 
the tablets and smart phones. 



The Big screen scenario 



The big screen scenario comprises desktops and laptops. This year has
been the worst year for Microsoft's Internet Explorer. They rolled out
version 9 of the Explorer series claiming that it will make your web
beautiful, but clearly it has lost ground by more than 5% this year and the
current overall estimate of IE is below 50%. Firefox remained most stable.
Their version 5 couldn't do much magic and version 4 of Firefox is
still their most popular browser. Firefox once again is the runner-up in the
race after IE. The third and the fastest growing browser is Google
Chrome, which has climbed to unexpected heights in this war. Chrome
is throwing out update after update; this year they released three new
versions of Chrome and, by the time I am writing this post, they have
launched version 13 of Chrome (that's insane). Even though IE still
holds the first spot, it has been largely due to the support of the Windows
platform.

Here are some interesting statistics. Microsoft skipped the support of
IE9 for Windows XP and purely focused on its Vista and Windows 7
users. Though there has been an overall dip in the usage of IE8, IE9 has
brought some silver linings for Microsoft. More than 65% of Windows 7
users have shifted to IE version 9. This is really good news for Microsoft.
The overall usage of IE9 is still not more than 28% worldwide but it still
has been reporting a steady growth. It has shown the fastest growth rate
since its launch in June. This brings Microsoft's overall browser market
share to pass 50%. Firefox is the oldest competitor and it has a share
close to 28%. Firefox has shown some resistance over the past few years
and it is still the top browser in countries like China and Russia, which
have high numbers of internet users. But Firefox doesn't have the strong bank
balance that Google or Microsoft has. In the recent months, Chrome has
grown at a faster rate compared to Firefox. Even the 9th version of IE
has shown a quick growth but the new versions of Firefox have shown
marginal growth. Microsoft has done a great job to integrate the
hardware acceleration of IE9 with the Windows machine to give a better
performance.



StatCounter Global Stats
Top 5 Browsers from Aug 10 to Aug 11 
Above is the browser usage figure for Aug 2010 to Aug 2011. The scene has changed a lot. It's true that there
was a time when IE held more than 80% of the browser market but there were not many competitors at that
time. Now several big names have jumped into this war and hence it's more fierce. If the above figure scared
Microsoft then the next one will hit them really hard.

Here is an image which shows the overall browser usage from 2008 till 2011. 
There are three very simple analyses that we can make out of this figure:

1. IE has steadily dropped in browser usage share worldwide.

2. Firefox is almost stagnant.

3. If IE fell and Firefox was stagnant then where did the remaining value
go!!? I think you know the answer. It's CHROOOMEEEEE.




The 4th browser in this list is Safari, which is largely supported because
it is the default browser on Mac. The fierce battle between the top three
has left almost no space for any other browser so there is hardly anything
to say about the 4th spot. The fifth spot belongs to Opera. In this battle
it remains close to Safari and keeps moving up and down. Well, we
cannot ignore Opera; it's on the fifth spot in the big screen scenario.
Why??? Let's find out.



Small screen scenario 

Until last year this segment consisted only of mobile phones. But this
year we have a new guest, tablets. Let's start with welcoming our new
guest. The worldwide internet usage on iPad 2 passed 1% in July this
year. This figure is 2.2% in USA. The reason I chose only iPad stats here
is that the rest of the tablet competitors are so far behind that their total
doesn't even amount to 0.5% of total internet usage on tablets. As I just
said, Opera should not be ignored and the reason is that it is the best
mobile browser from the past decade. It accounts for nearly 22% of total
browser usage on mobile devices and continues to be at the top of the list. You
might say that the figures were far more impressive if we look at the last
5 year stats but mobile development has seen tremendous changes in the
past 5 years and full credit goes again to Google's yet another
revolutionary product called Android. Here in this figure we can see the past
three year statistics for small device browsers.
You can clearly see that Opera wins the battle, but the fight is close here. It's
not as open as the previous scenario. If Nokia and iPhone are fighting for the
second spot then BlackBerry and Android are fighting for the third. The race
is really tough here. But the future of Opera doesn't look as bright as it has
been in the past. The intensely growing market for Apple products and the fast
spread of Android around the world will surely surpass all stats, and again it will
be a battle of lost grounds. Here I will show you an interesting figure. These
are the stats of mobile browser usage for the past three months.




These are the figures which are currently buzzing around the whole world. The
last three months' internet usage through smartphones and tablets shows
that Android has won the race against iPhone, Nokia and BlackBerry. Currently,
there are more than 500,000 unlocks of Android phones each day in the USA. It
will be really interesting to see how this battle shapes up. We cannot neglect
any player in this segment because the fight is close and any single cool
product from any of them can change the whole game.

Let us now analyze which browser will suit you best according to your
usage. We will be using three criteria to measure. Again, they are speed,
security and stability. You can choose your preference accordingly. We will
be testing the top three browsers, namely IE8, Firefox 5, and Chrome 8 (the most
popular ones in each category).

Speed 

If you are talking about speed then there is no fight. Chrome is truly the
winner in this segment. Google has really thrown their best engineering at
making Chrome lightning fast. The way it loads the cache and its auto-suggestion
of URLs make the browsing experience really fast. Hacking Alert conducted
a small experiment to justify this fact. We conducted a speed test for
loading hackingalert.blogspot.com on the three browsers. Here are the
screenshots.
Security

Here there was a close fight. This fight was between IE and Chrome.
While testing my hacking experiments I prefer using Firefox because of
its lame default security measures compared to IE and Chrome. Both IE
and Chrome have automatic client-side code filtering and a certificate
cross-validation feature, which are absent in Firefox. But considering the
incredible connectivity of the latest IE9 integrations with the Windows
machine, I will vote IE to be a better option for those who want complete
security while they are on the internet.

Stability 

When it comes to stability, Firefox is the ultimate winner: fewer crashes,
better multiple-tab support and excellent performance when the browser
is used for localhost server operations. It stands out in the crowd and
delivers the best performance. It is most preferred by users who want to
use it as the GUI for server operations like connecting with servers such as
WAMP, XAMPP, Oracle database etc. Firefox has proved really stable
in such situations.

The battleground is old but the players are new
and fresh. It's not only about updating versions; in fact it's about bringing
a change in user experience. We are too small to criticize the hard
work that these companies put in to provide us quality products. For us
it's merely a choice of browser but for them it's their year-long effort.
Whatever they put before us is an engineering marvel, so whoever wins
the battle, the ultimate winner will be the users.

I hope this article will help you choose your favourite flavour of browser. 
I wish good luck to all the browsers and hope to see more twists next 
year!!! 

About Author : 

Abhinav Singh a.k.a DaRkLoRd,

Information Security expert and Systems Engineer at TCS 
Founder @ HackingAlert : hackingalert.blogspot.com 
Email : abhinavbom@gmail.com 



Digital Forensic Technology 




Today, most law-enforcement forensic agencies all over the world,
especially in the US, use the EnCase tool. Most of its functionality is
aimed at reducing investigation time, identifying accomplices, and
providing leads for other unsolved investigations.



What's more with EnCase?

The EnCase forensic tool comes with great solutions for capturing, analyzing
and reporting on digital evidence. The investigator can also retrieve Internet
activity, email, documents, graphics and address books in more
than 300 different file formats. Investigators can recover 100%
of deleted files, reformatted disks, swap and slack space, hidden files,
print spools and more. In addition, EnCase Forensic helps you to identify
encrypted data, steganography and more.



How does EnCase work?

The first step in this investigative process is to acquire the evidence. The
goal is to obtain an exact replica of the data without compromising its
integrity. Because computer systems may contain volatile/temporary data in
RAM, the acquisition process is a dynamic one. In this scenario it is
permissible to shut down the suspect's computer and boot it with a DOS boot
utility. EnCase for DOS allows for a forensically sound acquisition of data
without running the risk of altering access dates and time stamps. EnCase for
DOS write-blocks the suspect's hard drive during acquisition, thus preventing
accidental data modifications.

The procedure used in this investigation was as follows: 

Investigators start the investigation by attaching the suspect's hard drive
to the forensic computer (the drive can come from a Macintosh, Linux, Windows
or DOS machine); EnCase then makes a bit-stream mirror image of the drive. This
mirror image is mounted as a read-only evidence file. This feature prevents
tampering with the data, which would invalidate the evidence. EnCase also
ensures that the mirror image is the same as the original by calculating
cyclical redundancy checksums and an MD5 hash.
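
The image verification described above, as an added example that is not EnCase code and not part of the original article: a source is imaged block by block, a CRC32 is kept per block and one MD5 over the whole image, and unreadable sectors are zero-filled at a chosen granularity (the "Errors" item in the checklist further down). The `ConstructedDisk` class, the 64-sector block size, one CRC per block and the sample data are assumptions of this example.

```python
import hashlib
import zlib
from dataclasses import dataclass, field

SECTOR = 512  # bytes per sector


class ConstructedDisk:
    """Constructed stand-in for a source drive; reads touching a bad sector fail."""

    def __init__(self, data, bad_sectors=()):
        self.data = bytes(data)
        self.bad = set(bad_sectors)

    def size(self):
        return len(self.data)

    def read_at(self, offset, length):
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        if any(s in self.bad for s in range(first, last + 1)):
            raise OSError("unreadable sector in range %d-%d" % (first, last))
        return self.data[offset:offset + length]


@dataclass
class EvidenceFile:
    image: bytearray
    block_size: int
    block_crcs: list = field(default_factory=list)  # one CRC32 per block
    md5: str = ""                                   # hash of the whole image
    zeroed: list = field(default_factory=list)      # (first_sector, count)


def _read_block(disk, offset, length, granularity, zeroed):
    """Read one block; on error retry in granularity-sector chunks, zero-filling failures."""
    try:
        return disk.read_at(offset, length)
    except OSError:
        pass
    out = bytearray()
    step = granularity * SECTOR
    for off in range(offset, offset + length, step):
        n = min(step, offset + length - off)
        try:
            out += disk.read_at(off, n)
        except OSError:
            out += bytes(n)  # the unreadable chunk becomes zeros and is logged
            zeroed.append((off // SECTOR, -(-n // SECTOR)))
    return bytes(out)


def acquire(disk, block_sectors=64, error_granularity=1):
    """Image the disk block by block, recording a CRC32 per block and one MD5 overall."""
    ev = EvidenceFile(bytearray(), block_sectors * SECTOR)
    md5 = hashlib.md5()
    for off in range(0, disk.size(), ev.block_size):
        length = min(ev.block_size, disk.size() - off)
        block = _read_block(disk, off, length, error_granularity, ev.zeroed)
        ev.block_crcs.append(zlib.crc32(block))
        md5.update(block)
        ev.image += block
    ev.md5 = md5.hexdigest()
    return ev


def verify(ev):
    """Return (md5_matches, indexes of blocks whose CRC32 no longer matches)."""
    bad = []
    for i, crc in enumerate(ev.block_crcs):
        block = bytes(ev.image[i * ev.block_size:(i + 1) * ev.block_size])
        if zlib.crc32(block) != crc:
            bad.append(i)
    return hashlib.md5(ev.image).hexdigest() == ev.md5, bad


def constructed_disk(bad_sectors=()):
    """256 sectors of deterministic sample data (constructed for this example)."""
    data = bytes((i * 7 + 3) % 251 for i in range(256 * SECTOR))
    return ConstructedDisk(data, bad_sectors)


if __name__ == "__main__":
    ev = acquire(constructed_disk(bad_sectors=[70]), error_granularity=8)
    print("zeroed ranges:", ev.zeroed, "verify:", verify(ev))
    ev.image[2 * ev.block_size + 5] ^= 0xFF  # simulate a later alteration
    print("after alteration:", verify(ev))
```

The whole-image MD5 only says that something changed; the per-block CRCs say where, and the zeroed-range log records which sectors the image could not capture.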

While examining a drive, this tool goes beneath the operating system to
view all of the data, including file slack, unallocated space and Windows
swap files, in which deleted files and other potential evidence can sometimes
be stored. It is almost impossible to view such areas of the drive by normal
means.

EnCase also gives you a sorting option for better examination. The investigator
sorts files based on various criteria such as extension or time
stamp. Moreover, EnCase also compares known file signatures with file
extensions, so investigators can determine whether the user has tried to hide
evidence from detection, or tamper with it, by changing its extension. EnCase
also offers customization functionality.
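
Comparing file signatures with file extensions, as described above, shown as an added example (not EnCase code and not part of the original article). The signature table is a small constructed subset, the verdict labels are this example's own, and the sample files are constructed in memory.

```python
import os

# (magic bytes, description, extensions that normally carry this signature)
SIGNATURES = [
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"GIF87a", "GIF image", {".gif"}),
    (b"GIF89a", "GIF image", {".gif"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file",
     {".doc", ".xls", ".ppt", ".msi"}),
    (b"MZ", "DOS/Windows executable", {".exe", ".dll", ".sys", ".scr"}),
]
KNOWN_EXTENSIONS = set().union(*(exts for _, _, exts in SIGNATURES))
HEADER_BYTES = max(len(magic) for magic, _, _ in SIGNATURES)


def identify(header):
    """Return (description, expected extensions) for the longest matching signature."""
    best = None
    for magic, desc, exts in SIGNATURES:
        if header.startswith(magic) and (best is None or len(magic) > len(best[0])):
            best = (magic, desc, exts)
    return None if best is None else (best[1], best[2])


def classify(name, header):
    """Return (verdict, description) for one file name and its leading bytes."""
    ext = os.path.splitext(name)[1].lower()
    found = identify(header)
    if found is None:
        # No known header: notable only if the extension promises a known format.
        return ("bad-signature" if ext in KNOWN_EXTENSIONS else "unknown", None)
    desc, exts = found
    return ("match" if ext in exts else "mismatch", desc)


def analyze(files):
    """files maps name -> content bytes; return the entries an examiner should look at."""
    findings = []
    for name in sorted(files):
        verdict, desc = classify(name, files[name][:HEADER_BYTES])
        if verdict in ("mismatch", "bad-signature"):
            findings.append((name, verdict, desc))
    return findings


def analyze_directory(root):
    """Same analysis over files on disk (e.g. a read-only mounted image), headers only."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            path = os.path.join(dirpath, n)
            with open(path, "rb") as fh:
                files[path] = fh.read(HEADER_BYTES)
    return analyze(files)


# Constructed sample evidence: names and leading bytes only.
CONSTRUCTED_FILES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "report.pdf": b"MZ\x90\x00\x03\x00\x00\x00",           # executable header, document extension
    "notes.txt": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",   # image renamed to .txt
    "budget.xls": b"plain text pretending to be a sheet",  # extension promises OLE2
    "readme.txt": b"just text",
}

if __name__ == "__main__":
    for name, verdict, desc in analyze(CONSTRUCTED_FILES):
        print("%-12s %-14s %s" % (name, verdict, desc or "-"))
```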



Investigators can preview data while drives or other media are being acquired.
Once the image files are created the examiner can search and analyze
multiple drives or other media simultaneously. EnCase also features
a case indexer. This tool builds a complete index in multiple languages,
allowing for fast and easy queries.

EnCase Forensic features EnScript programming capabilities. EnScript, an
object-oriented programming language similar to Java or C++, helps users
to create custom programs to automate time-consuming investigative
tasks, such as searching and analyzing specific document types or
other labor-intensive processes and procedures. Once investigators have
bookmarked relevant data, they can create a report based on suitable
evidence, fit for presentation to a court, management and
other authorities.

Forensic Examination of Digital Evidence - A Guide for Law
Enforcement, produced by the U.S. Department of Justice
[DOJ04], offers the following suggestions for the analysis of
extracted data:

- Timeframe analysis - Determine when events occurred on the system to
associate usage with an individual by reviewing any logs present and the date/time
stamps in the file system, such as the last modified time.

- Data hiding analysis - Detect and recover hidden data that may indicate
knowledge, ownership, or intent by correlating file headers to file extensions to
show intentional obfuscation; gaining access to password-protected, encrypted,
and compressed files; gaining access to steganographic information detected in
images; and gaining access to reserved areas of data storage outside the normal file
system.

- Application and file analysis - Identify information relevant to the
investigation by examining file content, correlating files to installed applications,
identifying relationships between files (e.g., e-mail files to e-mail attachments),
determining the significance of unknown file types, examining system configuration
settings, and examining file metadata (e.g., documents containing authorship
identification).

- Ownership and possession - Identify the individuals who created, modified,
or accessed a file, and the ownership and possession of questioned data by placing
the subject with the device at a particular time and date, locating files of interest in
non-default locations, recovering passwords that indicate possession or ownership,
and identifying contents of files that are specific to a user.



EnCase Forensic Features and Functionality Checklist 
Acquisition Granularity: 

- Errors: Specify the number of sectors that get zeroed when an error is 
found. 

- Acquisition Blocks: Define the block size. 

- Acquisition Restart: continue a windows-based acquisition from its 
point of interruption. 

- Logical Evidence Files: an evidence container with only the files or fold- 
ers you need. 

- CRC: image verified by cyclical redundancy checksum (CRC) and MD5 

- LinEn utility - acquire evidence via boot disk 

- WinEn utility - acquire RAM evidence 

Automation Tools : 

- Filters and Conditions: more than 150 available 

- Combine filters to create complex queries using simple "OR" or "AND" 
logic 

- Active Directory Information Extractor 

- Hardware Analysis: automatically culls through the registry and config- 
uration files 

- Recover partitions: automatically rebuilds the structure of formatted 
NTFS and FAT volumes. 

- Recover deleted files/folders 

Analysis Features 

- Windows event log parser 

- Link file parser - find in unallocated space 

- Compound (e.g., zipped) document and file 

- File Signature analysis 

- Hash analysis 

- File finder - find files in unallocated space 



Viewers 

- Native viewing for ~400 file formats

- Built-in Registry Viewer 

- External File Viewers 

- Integrated Picture Viewer with Gallery View 

- Timeline/Calendar viewer 

Searching 

- Binary search - search raw binary data 

- Proximity Search 

- Internet and email search 

- Case Sensitive • GREP • Right to Left Reading 

- Active Code Page: keywords in many languages. 

- Big Endian/Little Endian, UTF-8/UTF-7 

- Search file slack and unallocated space 

Reporting - Automatic Reports 

- Detailed listing of all URLs and corresponding dates and times of web 
sites visited 

- Document incident response report 

- Log Records 

- Registry 

- Detailed hard drive information about physical and logical partitions 

- View data about the acquisition, drive geometry, folder structures and 
bookmarked files and images. 

- Export reports in RTF or HTML formats. 

Bookmark Features 

- Highlighted Data 

- Notes 

- Folder Information 

- Notable Files 

- File Groups 



Internet and Email Investigation 

- Browser History Analysis 

- Internet artifacts 

- WEB History & cache analysis 

- HTML carver 

- HTML page reconstruction 

- Kazaa toolkit 

- Instant Messenger toolkit

- Microsoft® Internet Explorer, Mozilla Firefox, Opera and Apple Safari

Email Support Includes

- Outlook PSTs/OSTs ('97-03) 

- Outlook Express DBXs 

- Microsoft Exchange EDB Parser 

- Lotus Notes V6.0.3, V6.5.4 and V7

- AOL 6.0, 7.0, 8.0 and 9.0 PFCs 

- Yahoo 

- Hotmail 

- Netscape Mail 

- MBOX archives 

System Support 

- Hardware and software RAIDs. 

- Dynamic disk support for Windows 2000/XP/2003 Server 

- Interpret and analyze VMware, Microsoft Virtual PC, DD and SafeBack 
v2 image formats. 

- File systems: Windows FAT12/16/32, NTFS; Macintosh HFS, HFS+;
Sun Solaris UFS, ZFS; Linux EXT2/3; Reiser; BSD FFS, FreeBSD's Fast
File System 2 (FFS2) and FreeBSD's UFS2; Novell's NSS & NWFS; IBM's
AIX jfs, JFS and JFS with LVM8; TiVo Series One and Two; CDFS; Joliet;
DVD; UDF; ISO 9660; and Palm



Submitted By : JATIN JAIN 
(Information Security Consultant) 
APT Established as a Classic Threat








APT = Target Phishing + Social engineering + Lack of information
security awareness + IT assets misconfigured.



The origin of the word Attack is Attach: c.1600, from Fr. attaquer
(16c.), from Florentine attaccare (battaglia) "join (battle)," thus
the word is a doublet of attach, which was also used 15c.-17c. in
the sense now reserved to attack. It is interesting because the APT
attacks are based on malicious attachments and are not highly advanced
and sophisticated. Attackers take advantage of organizations
making simple mistakes. They call the attack an APT because
the organizations do not know what happened, but the attackers just send
emails with malicious attachments to targets. The act of monitoring
their treatment and escalating privileges is just a step of the
Social Engineering Pentest using emails or a real attack.



The most common way for cyber attackers to gain access to an organization's
network is through spear phishing, in which the attacker
sends an email that looks like it came from a trusted
source and, when opened, installs software that will enable them to
exploit the target's network. The compromised system continues to
work without any evidence that the network is compromised.
Information is gathered for future attacks and to escalate privileges.

The attackers use newly designed and customized malware to circumvent
most common defenses, and focus their tools and techniques
on a specific target, or they just use evasion techniques: breaking
the Trojan file into multiple pieces and zipping them as a single file,
changing the content of the Trojan using a hex editor, changing
the checksum, encrypting the file, and changing the Trojan's
syntax to convert an executable file to VB script or Office files.

Creating a dropper, which is the part of a trojanized packet that
installs the malware on the target systems, and creating a wrapper
using tools to install the Trojan on the victim's computer with an
innocent-looking extension (.pdf, .doc, etc.) is not necessarily advanced.
When the victim runs the wrapped file, it first installs the
Trojan in the background and then runs the wrapping application
in the foreground. The Trojan server is installed on the victim's
machine, which opens a port for the attacker to connect. The
client is installed on the attacker's machine, which is used to
launch a command shell on the victim's machine.

Command shell Trojans give remote control of a command shell
on a victim's machine. The Trojan looks to use the victim's
machine for illegal purposes, such as to scan, flood and infiltrate
other machines, steal information such as passwords and security
codes using keyloggers, replace OS critical files, download other
malware, record screenshots, audio and video, disable the local
anti-virus and the personal firewall, turn the victim's computer
into a proxy server for relaying attacks, and use that machine as
a covert channel.



Compromised machines become springboards to infect other machines
and the entire network. As the network becomes infected,
backdoors are installed to gain further access to the company's
infrastructure. With the proper credentials in hand, the attacker
controls the compromised system. As the infiltration continues,
the victim's network passwords are grabbed, email and files are
stolen, and even the network topology itself is uncovered. The
attack continues to expand its reach in the network into more sensitive
systems via the Botnet master's Command and Control infrastructure,
placing more and more critical data, such as financial
data, marketing plans, and research and development information,
at risk. With one compromised system, an attacker can establish
full control over much of the corporate, enterprise, or critical
network infrastructure.

Reconnaissance, scanning, gaining access, maintaining access
and clearing tracks are basic steps for any attacker or pentester, and
hiding files, cracking passwords, escalating privileges, executing
applications and covering tracks are not new advancements. APT
is just a new scary thing to say.



About Author : Luiz Firmino has 24 years of information security
experience working for the Brazilian Federal Government, Roche,
Sara Lee and HSBC. He specializes in finding novel ways to apply
safeguards and countermeasures and to manage information security
areas.



October Month Updates from THN 



NSS Labs offers Bounties for exploits (10/06/2011) 

ExploitHub, which operates a penetration-testing site and is run by NSS Labs, 
announced a bug-bounty program for researchers to develop exploits for 12 
high-value vulnerabilities in Microsoft and Adobe products. The company, 
which has set aside $4,400 in reward money, plans to give $100 to $500 to the 
first people to submit a working exploit for the vulnerabilities. Read more :
http://goo.gl/qWcLn

Student Arrested for hacking Thailand Prime Minister Accounts 
(10/07/2011) 

Prime Minister Yingluck Shinawatra's personal Twitter account was hacked 
on October 2nd, 2011 in what officials said was possibly part of a conspiracy to 
embarrass the government. Police in Thailand have arrested a university
student who is said to have admitted hacking into the Prime Minister's Twitter
account and posting messages accusing her of incompetence. The suspect is
22-year-old Aekawit Thongdeeworakul, a fourth-year student. Read more :
http://goo.gl/pmNhL

Android malware - Works on remote commands from encrypted
blog (10/08/2011)

Researchers from Trend Micro have spotted a piece of malicious software for
Android. This is the first known Android malware that reads blog posts and
interprets these as commands. It can also download and install additional
applications, therefore further compromising the affected device. Trend Micro calls
the malware "ANDROIDOS_ANSERVER.A." If the application is installed, it
asks for a variety of permissions. Read more : http://goo.gl/uAEIl

Apache Patch released for Reverse proxy Bypass Vulnerability 
(10/08/2011) 

Security experts at Context have discovered a hole in the Apache web server 
that allows remote attackers to access internal servers. Security experts are 
warning firms running the Apache web server to keep up to date with the latest 
patches after the Apache Software Foundation issued a security advisory to all 
customers highlighting a new vulnerability. Read more : 
http://goo.gl/54OoG 



U.S. drones affected by Keylogger Virus (10/10/2011) 

A keylogger of some sort has infiltrated classified and unclassified computer 
systems at Creech Air Force Base in Nevada, recording the keystrokes of pilots 
tasked with operating unmanned drone aircraft in Afghanistan and other in- 
ternational conflict zones. The virus, first detected nearly two weeks ago by the 
military's Host-Based Security System, has not prevented pilots at Creech Air 
Force Base in Nevada from flying their missions overseas. Read More : 
http://goo.gl/d3si8 

FBI shut down 18 Child Porn Websites (10/11/2011) 

A man was recently indicted on federal charges of running 18 Chinese-language
child pornography websites out of his apartment in Flushing, New York.
The websites were being advertised to Chinese-speaking individuals in China,
in the U.S., and other countries. According to the FBI, "Virtually every day,
children are lured away from their families by cyber sexual predators." Read
more : http://goo.gl/e6RMK

Sony hacked again - 93,000 accounts compromised with brute- 
force attack (10/12/2011) 

Sony has warned users against a massive bruteforce attack against PlayStation
and Sony network accounts. The attack - which used password and user ID
combinations from an unidentified third-party source - succeeded in
compromising 60,000 PlayStation Network and 33,000 Sony Online Entertainment
network accounts. Read more : http://goo.gl/9V0bh

Cyber Cell Mumbai Websites hacked by Pakistani Hacker 
(10/15/2011) 

Pakistani hacker "Shadowoo8" from the Pakistani Cyber Army has struck again,
this time against India's most important Cyber Cell website, located in Mumbai,
India. The website was defaced this morning and a mirror of the hack is also
available on Legend-h. Read more : http://goo.gl/xTIb7

Sesame Street YouTube Channel Hacked, Porn Posted (10/17/2011) 

Some of the world's worst lowlifes decided to hack the Sesame Street YouTube 
channel and replace some of the videos with pornographic clips. For about 20 
minutes yesterday, visitors to the YouTube channel of the popular children's 
show saw hardcore porn. Read more : http://goo.gl/eG2H4 



Miley Cyrus Needs A Lecture on Cyber Security (10/17/2011) 

The man, who is currently facing up to 121 years behind bars, has been 
charged with 26 counts of identity theft, wire-tapping and unauthorised 
access to protected computer. Chaney, who has been in contact with TMZ for 
the last two years, has contacted the gossip website with details on how he 
hacked into Miley Cyrus's Gmail account. Read more :
http://goo.gl/azoOd

'Good to Know' campaign : Google Collaborates with Citizens 
Advice Bureau for Online Safety (10/17/2011) 

Google's first ever advertising campaign for online safety launches today, in 
association with the Citizens Advice Bureau. It covers topics such as choosing 
a password, scam emails and using two factor authentication. Read more : 
http://goo.gl/i13Zj 

Duqu - Next Major Cyber Weapon like Stuxnet (10/18/2011) 

The Stuxnet cyberworm could soon be modified to attack vital industrial
facilities in the US and abroad, cybersecurity experts warned Wednesday at a
Senate hearing. Computer security companies agree that this virus is
unprecedented and that it means the dawn of a new world. Read More :
http://goo.gl/osLlN

Adobe Flash bug allow spying Webcam hole (10/20/2011) 

The flaw was disclosed in 2008 and can be exploited to turn on people's
webcams or microphones without their knowledge. The attack involved putting the
Adobe Flash Settings Manager page into an iFrame and masking it with a
game, so that when the user clicked on the buttons he would actually change
the settings and turn on the webcam. Read more : http://goo.gl/ga6DF

Hackers leak Citigroup CEO's personal data after Occupy Wall 
Street arrests (10/21/2011) 

The mobile phone number and home address of Vikram Pandit, the chief
executive of Citigroup, have been placed on the web by hacking group
CabinCr3w in retaliation for the cuffing of protesters at an Occupy Wall Street
demo. Read More : http://goo.gl/ygi02



Anonymous Hackers Take Down 40 Child Porn Websites 
(10/22/2011) 

Anonymous has taken down more than 40 darknet-based child porn websites
over the last week. Details of some of the hacks have been released via
pastebin #OpDarknet, including personal details of 1500 users of a site named
'Lolita City,' and DDoS tools that target Hidden Wiki and Freedom Hosting,
alleged to be two of the biggest darknet sites hosting child porn. Read More :
http://goo.gl/zcML9

Microsoft's official Youtube channel hacked (10/23/2011) 

It appears that someone has hacked into Microsoft's account on Youtube and 
removed all videos. Also the hometown has been changed to "Hey". In their 
place are short clips soliciting advertisers, not surprisingly, as the channel has 
some 24,000+ subscribers. Read More : http://goo.gl/6U3Cp 

Latest Security Flaw in Skype Enables IP address & Location Track- 
ing (10/25/2011) 

The serious breach in the widely-used, internet video chat program means 
that any evil computer nerd could easily hunt down users' whereabouts, ac- 
cording to a study co-authored by an NYU-Poly professor. Read more : 
http://goo.gl/EsVoW 

Anonymous DDOS Oakland police site after violence (10/27/2011) 

Cyber activists associated with Anonymous have targeted the Oakland Police 
Department (OPD) and other law enforcement agencies that participated in a 
controversial crackdown against OccupyOakland protestors. Read More : 
http://goo.gl/ZyE6b 

US satellites were victims of Chinese Hackers (10/27/2011)

Computer hackers, possibly from the Chinese military, interfered with two
U.S. government satellites four times in 2007 and 2008 through a ground
station in Norway, according to a congressional commission. Read More :
http://goo.gl/QQIS3

Facebook EXE attachment Vulnerability can Compromise with 
Users Security (10/27/2011) 

Nathan Power from SecurityPentest has discovered a new Facebook vulnerability
that allows EXE files to be easily attached to messages, which can possibly
cause user credentials to be compromised. Read More: http://goo.gl/DKaWL



Malware for xbox Kinect created by 15 years old Indian researchers 
(10/27/2011) 

A 15-year-old Indian security researcher, 'Shantanu Gawde' from MalCon
Research, has created malware that utilizes the Microsoft Xbox Kinect controller.
Kinect for Xbox 360, or simply Kinect, is a motion sensing input device by
Microsoft for the Xbox 360 video game console. Read More :
http://goo.gl/m4rdx

How Facebook Ticker exposing your information and behavior 
without your knowledge (10/28/2011) 

Nelson Novaes Neto, a Brazilian (independent) security and behavior
researcher, has analyzed a privacy issue in Facebook Ticker that allows any person
to chase you without your knowledge or consent. He explains that this is not a
code vulnerability; the whole issue is related to users' privacy. Read
More at http://goo.gl/DsdGP

Anonymous hackers threatening a Mexican drug cartel 
(10/29/2011) 

Anonymous Mexico is going head-to-head with one of the most dangerous
criminal organizations in the world, the Mexican cartel Los Zetas. Mexican
Anonymous hackers are warning a Mexican drug cartel to release one of their
members, kidnapped from a street protest. Read More :
http://goo.gl/M8Tfa

Duqu Trojan found in Indian Server (10/30/2011) 

Two workers at a web-hosting company called Web Werks told Reuters that 
officials from India's Department of Information Technology last week took 
several hard drives and other components from a server that security firm 
Symantec Corp told them was communicating with computers infected with 
Duqu. Read More : http://goo.gl/MHJoh 

Facebook "Trusted friends" Security Feature Easily Exploitable 
(10/31/2011) 

Last week Facebook announced that 600,000 accounts possibly get hacked in one
day. Another possible solution for Facebook to combat security issues is to
find 3 to 5 "Trusted friends". This exploit is 90% successful on victims who
add friends without knowing them or just to increase their number of
friends. Read More : http://goo.gl/aurRJ



